Avira Scanner crashes without scanning anything


  • This topic is locked
14 replies to this topic

#1 eClySe
Posted 04 July 2016 - 08:37 AM

I have had Avira Free Antivirus for a year now, and it was working fine until now.

 

Avira is still on as far as I know. Real-time protection also works, although with slight differences. I tried doing an EICAR virus test to verify this. Instead of giving me a pop-up about a detection, Avira didn't show one. However, I wasn't able to open the EICAR text file anymore, so I assumed that Avira was blocking it. The problem is with the scanner. Whenever I start a system scan, the scanner opens and runs for a while, although it's not scanning. I can pause the scan and resume it fine as long as the scanning process hasn't started yet. But before it actually starts scanning, the scanner just crashes. I did this a few times with the same result. I'm not sure when this started, since most of the time I just let Avira do a regular scan and I never tried manually starting a scan.

 

My PC is an ASUS Model X555L running Windows 8.1, in case it's needed.

 

Thank you for helping.

 

I first posted this problem here -> http://www.bleepingcomputer.com/forums/t/618781/avira-scanner-crashes-right-after-starting-up/
and I was told to post it here instead.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by John (administrator) on ECLYSE (04-07-2016 21:22:15)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 8.1 Single Language (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5020\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net Helper.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Battle.net\Battle.net.7575\Battle.net Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9856352 2016-07-01] ()
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [uTorrent] => C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-20] (BitTorrent Inc.)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\MountPoints2: {0bf0faf4-fedf-11e5-82a8-3010b3a90935} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\MountPoints2: {3d00ada7-c0a6-11e5-8298-3010b3a90935} - "G:\Setup.exe" 
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\...\MountPoints2: {d1b86e6d-23cb-11e6-82af-3010b3a90935} - "G:\Lenovo_Suite.exe" 
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-10]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe [2015-12-29] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{048399ED-ECB6-4B95-BC35-A46E935C7BC3}: [DhcpNameServer] 192.168.32.1
Tcpip\..\Interfaces\{CC242DEB-BBBD-4CDC-8447-FB9D8820C2FC}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1802426354-685773147-3862697081-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1802426354-685773147-3862697081-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-29] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-29] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\iz6snha0.default
FF SelectedSearchEngine: Search Provided by Yahoo
FF DefaultSearchEngine: Search Provided by Yahoo
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_ir_16_19&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzztB0CyE0AtB0E0DtB0AtCzy0FtAtDtN0D0Tzu0StCyDzyyCtN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0ByD0A0B0CyDzytGtCyByCyEtG0AtA0B0BtGtAtCyBtCtG0B0CyDtCtD0A0D0E0BtAzyyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0DyEyEzztC0A0FtGtAzztC0FtGyEtA0FtDtG0AzztDyEtG0Czz0D0Ezyzz0DzytD0AtB0B2QtN0A0LzuyE%26cr%3D348728159%26a%3Dwncy_ir_16_19%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BSingle%2BLanguage
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-23] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-03-24] (Unity Technologies ApS)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-03-23] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1802426354-685773147-3862697081-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\John\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-02-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\iz6snha0.default\Extensions\abs@avira.com [2016-07-03]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1417298729&from=cor&uid=3219913727_198259_081521DB","hxxp://www.luckysearches.com/?type=hp&ts=1429271296&from=2sq&uid=ST1000LM024XHN-M101MBB_S32XJ9AF930157"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (From Dust) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2015-05-13]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-05-27]
CHR Extension: (Avira Browser Safety) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-06-24]
CHR Extension: (Chain Reaction) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa [2015-05-13]
CHR Extension: (AdBlock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-30]
CHR Extension: (Creatures & Castles) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd [2015-05-13]
CHR Extension: (Marvel Comics) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2015-05-13]
CHR Extension: (Into The Mist) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2015-05-13]
CHR Extension: (Pocket Legends) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2015-05-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]
CHR Extension: (Canvas Rider) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [977664 2014-06-04] (Broadcom Corporation.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-24] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-03] (Intel® Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-10-24] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-24] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-24] (NVIDIA Corporation)
R2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2015-04-16] () [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-04-01] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7546544 2014-10-10] (Broadcom Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-18] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-01-22] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-24] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-22] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\John\AppData\Local\Temp\gkernel.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
U0 msahci; system32\drivers\msahci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-04 21:22 - 2016-07-04 21:22 - 00025395 _____ C:\Users\John\Desktop\FRST.txt
2016-07-04 21:22 - 2016-07-04 21:22 - 00000000 ____D C:\FRST
2016-07-04 21:20 - 2016-07-04 21:21 - 02390016 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2016-07-04 13:14 - 2016-07-04 13:15 - 00381176 _____ C:\Windows\Minidump\070416-214890-01.dmp
2016-07-04 12:54 - 2016-04-04 17:07 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-07-04 12:54 - 2016-04-04 17:07 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-07-04 12:54 - 2016-04-04 17:07 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-07-04 12:54 - 2016-04-04 17:07 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-07-04 12:30 - 2016-07-04 12:54 - 00000000 ____D C:\Program Files (x86)\Avira
2016-07-04 12:21 - 2016-07-04 12:23 - 00265678 _____ C:\Windows\ntbtlog.txt
2016-07-04 12:14 - 2016-07-04 13:51 - 00000000 ____D C:\Users\John\AppData\LocalLow\uTorrent
2016-07-04 12:07 - 2016-07-04 12:08 - 02975136 _____ (Avira Operations GmbH & Co. KG) C:\Users\John\Downloads\avira_registry_cleaner_en.exe
2016-07-03 18:08 - 2016-07-03 18:28 - 00000000 ____D C:\Users\John\AppData\Roaming\WizardWars
2016-07-03 14:41 - 2016-07-03 14:41 - 00000000 ____D C:\Users\John\AppData\Roaming\Avira
2016-07-03 12:48 - 2016-07-04 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-03 12:48 - 2016-07-03 13:34 - 00000000 ____D C:\ProgramData\Avira
2016-07-03 12:36 - 2016-06-15 01:13 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-03 12:36 - 2016-06-15 01:13 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-03 11:09 - 2016-05-29 15:08 - 22361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-03 11:09 - 2016-05-29 02:31 - 19788688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-03 11:09 - 2016-05-19 07:18 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-03 11:09 - 2016-05-19 07:18 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-03 11:09 - 2016-05-19 07:16 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-03 11:09 - 2016-05-19 06:28 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-03 11:09 - 2016-05-19 05:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2016-07-03 11:09 - 2016-05-19 05:33 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-03 11:09 - 2016-05-19 05:15 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2016-07-03 11:09 - 2016-05-19 04:59 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-03 11:09 - 2016-05-19 04:56 - 01291776 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2016-07-03 11:09 - 2016-05-19 04:33 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2016-07-03 11:09 - 2016-05-19 04:28 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-07-03 11:09 - 2016-05-19 04:16 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-07-03 11:09 - 2016-05-15 04:26 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-03 11:09 - 2016-05-14 13:19 - 07446360 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-03 11:09 - 2016-05-14 13:19 - 01134768 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-03 11:09 - 2016-05-14 07:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-07-03 11:09 - 2016-05-14 07:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2016-07-03 11:09 - 2016-05-14 07:08 - 00032512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2016-07-03 11:09 - 2016-05-14 06:24 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-03 11:09 - 2016-05-14 05:42 - 03667968 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-03 11:09 - 2016-05-14 05:30 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-03 11:09 - 2016-05-14 05:29 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-03 11:09 - 2016-05-14 05:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-07-03 11:09 - 2016-05-14 05:27 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-03 11:09 - 2016-05-14 05:26 - 02230784 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-03 11:09 - 2016-05-14 05:26 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-03 11:09 - 2016-05-14 05:18 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-03 11:09 - 2016-05-14 05:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-03 11:09 - 2016-05-14 05:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-03 11:09 - 2016-05-14 05:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-03 11:09 - 2016-05-13 02:36 - 00034600 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe
2016-07-03 11:09 - 2016-05-13 01:39 - 00030984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe
2016-07-03 11:09 - 2016-05-13 01:37 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc63.sys
2016-07-03 11:09 - 2016-05-11 10:24 - 00107984 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-07-03 11:09 - 2016-05-11 10:24 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-07-03 11:09 - 2016-05-07 05:59 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-07-03 11:09 - 2016-05-07 01:13 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-07-03 11:09 - 2016-05-06 02:28 - 01661072 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-03 11:09 - 2016-05-06 01:39 - 01212256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-03 11:09 - 2016-05-06 01:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-03 11:09 - 2016-05-06 01:02 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-03 11:09 - 2016-05-06 00:37 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-03 11:09 - 2016-05-06 00:34 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-07-03 11:09 - 2016-05-06 00:29 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-03 11:09 - 2016-05-05 23:28 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-03 11:09 - 2016-05-05 23:16 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-03 11:09 - 2016-04-16 21:56 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-07-03 11:09 - 2016-04-12 23:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-07-03 11:09 - 2016-04-12 23:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-07-03 11:09 - 2016-04-10 13:35 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-07-03 11:09 - 2016-04-10 06:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-07-03 11:09 - 2016-04-10 06:14 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Geolocation.dll
2016-07-03 11:09 - 2016-04-10 06:10 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-07-03 11:09 - 2016-04-10 06:09 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-07-03 11:09 - 2016-04-10 06:02 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2016-07-03 11:09 - 2016-04-10 05:59 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll
2016-07-03 11:09 - 2016-04-10 05:59 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-07-03 11:09 - 2016-04-10 05:56 - 00543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-07-03 11:09 - 2016-04-10 05:55 - 00881152 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-07-03 11:09 - 2016-04-10 05:52 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2016-07-03 11:09 - 2016-04-08 00:34 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-03 11:09 - 2016-04-08 00:06 - 00927744 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-07-03 11:09 - 2016-04-07 23:36 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-03 11:09 - 2016-04-07 05:21 - 00114528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-07-03 11:09 - 2016-04-07 02:20 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-07-03 11:09 - 2016-04-07 02:17 - 18825216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-07-03 11:09 - 2016-04-07 00:25 - 15158272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-07-03 11:09 - 2016-04-06 06:37 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2016-07-03 11:09 - 2016-04-02 21:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-07-03 11:09 - 2016-04-02 01:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-07-03 11:09 - 2016-04-02 01:00 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-07-03 11:09 - 2016-04-02 00:53 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-07-03 11:09 - 2016-04-02 00:50 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-07-03 11:09 - 2016-04-02 00:41 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-07-03 11:09 - 2016-02-05 00:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-07-03 11:09 - 2016-02-05 00:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-07-03 11:09 - 2016-02-05 00:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-07-03 11:01 - 2016-07-03 11:02 - 04657056 _____ (Avira Operations GmbH & Co. KG) C:\Users\John\Downloads\avira_en_av_57787fb2c4cc9__ws.exe
2016-07-02 23:03 - 2016-07-02 23:03 - 00000000 ____D C:\Program Files (x86)\ESET
2016-07-02 22:47 - 2016-07-02 22:47 - 00000000 ____D C:\Users\John\AppData\LocalLow\Temp
2016-07-02 22:46 - 2016-07-02 22:48 - 00000000 ____D C:\Users\John\Documents\Visual Studio 2015
2016-07-02 21:05 - 2016-07-02 21:05 - 00000000 ____D C:\Users\John\AppData\Local\ESET
2016-07-02 15:44 - 2016-07-02 15:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-02 06:17 - 2016-07-02 06:17 - 00007605 _____ C:\Users\John\AppData\Local\Resmon.ResmonCfg
2016-06-30 20:45 - 2016-06-30 20:45 - 00000000 ____D C:\Users\John\AppData\Local\Colossal Order
2016-06-30 10:10 - 2016-06-30 15:56 - 00000000 ____D C:\Users\John\Downloads\Cities.Skylines.Snowfall-CODEX
2016-06-30 09:58 - 2016-06-30 09:58 - 00018650 _____ C:\Users\John\Downloads\Cities.Skylines.Snowfall-CODEX.torrent
2016-06-29 01:17 - 2016-05-22 01:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-29 01:17 - 2016-05-22 00:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-29 01:17 - 2016-05-21 06:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-29 01:17 - 2016-05-21 06:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-29 01:17 - 2016-05-21 06:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-29 01:17 - 2016-05-21 05:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-29 01:17 - 2016-05-21 05:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-29 01:17 - 2016-05-21 05:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-29 01:17 - 2016-05-21 05:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-29 01:17 - 2016-05-21 05:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-29 01:17 - 2016-05-21 05:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-29 01:17 - 2016-05-21 05:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-29 01:17 - 2016-05-21 05:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-29 01:17 - 2016-05-21 05:25 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-06-29 01:17 - 2016-05-21 05:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-29 01:17 - 2016-05-21 05:21 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-06-29 01:17 - 2016-05-21 05:19 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-29 01:17 - 2016-05-21 05:16 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-29 01:17 - 2016-05-21 05:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-29 01:17 - 2016-05-21 05:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-29 01:17 - 2016-05-21 05:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-29 01:17 - 2016-05-21 05:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-29 01:17 - 2016-05-21 05:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-29 01:17 - 2016-05-21 05:09 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-29 01:17 - 2016-05-21 05:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-29 01:17 - 2016-05-21 05:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-29 01:17 - 2016-05-21 05:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-29 01:17 - 2016-05-21 04:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-29 01:17 - 2016-05-21 04:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-29 01:17 - 2016-05-21 04:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-29 01:17 - 2016-05-21 04:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-29 01:17 - 2016-05-21 04:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-29 01:17 - 2016-05-21 04:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-29 01:17 - 2016-05-13 02:38 - 00135336 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-29 01:17 - 2016-05-13 01:43 - 00115704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-29 01:17 - 2016-05-13 00:17 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-29 01:17 - 2016-05-13 00:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-29 01:17 - 2016-05-13 00:07 - 01360896 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-29 01:17 - 2016-05-12 23:59 - 00398848 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-29 01:17 - 2016-05-12 23:43 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-29 01:17 - 2016-05-12 23:37 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-29 01:17 - 2016-05-06 23:45 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-29 01:17 - 2016-05-06 23:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-29 01:16 - 2016-06-04 01:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-06-29 01:16 - 2016-06-03 21:38 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-29 01:16 - 2016-06-03 01:51 - 00050352 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-29 01:16 - 2016-05-29 23:04 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-29 01:16 - 2016-05-29 23:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-29 01:16 - 2016-05-18 13:31 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-29 01:16 - 2016-05-18 13:31 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-29 01:16 - 2016-05-15 04:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-29 01:16 - 2016-05-15 04:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-29 01:16 - 2016-05-14 07:09 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-29 01:16 - 2016-05-14 07:07 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-29 01:16 - 2016-05-14 07:07 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-29 01:16 - 2016-05-14 07:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-29 01:16 - 2016-05-14 07:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-29 01:16 - 2016-05-14 07:04 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-29 01:16 - 2016-05-14 06:19 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-29 01:16 - 2016-05-14 05:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-29 01:16 - 2016-05-14 05:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-29 01:16 - 2016-05-14 05:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-29 01:16 - 2016-05-14 05:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-29 01:16 - 2016-05-10 05:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-29 01:16 - 2016-05-10 04:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-29 01:16 - 2016-05-10 04:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-29 01:16 - 2016-05-10 04:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-29 01:11 - 2016-05-19 07:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-29 01:11 - 2016-05-19 04:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-28 12:02 - 2016-07-03 21:59 - 00000000 ___RD C:\Users\John\Desktop\ 
2016-06-17 17:35 - 2016-06-17 17:35 - 00000701 _____ C:\Users\John\Downloads\Invisible.zip
2016-06-12 09:05 - 2016-06-12 09:05 - 00000000 ____D C:\Users\John\Documents\Bluetooth Exchange Folder
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-04 21:22 - 2015-04-15 18:22 - 00000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2016-07-04 21:18 - 2015-07-01 20:15 - 00000000 ____D C:\Users\John\AppData\Local\Battle.net
2016-07-04 20:43 - 2015-04-13 03:54 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-04 20:28 - 2016-05-15 23:28 - 00000280 _____ C:\Windows\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9}.job
2016-07-04 19:45 - 2015-04-15 19:54 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-04 18:01 - 2015-04-15 20:52 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2016-07-04 14:57 - 2016-02-21 22:04 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-07-04 14:57 - 2015-07-01 20:15 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-04 13:54 - 2015-04-13 05:30 - 00000000 ____D C:\Users\John\AppData\Roaming\GarenaPlus
2016-07-04 13:54 - 2015-04-13 05:29 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-07-04 13:50 - 2015-04-13 03:53 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-04 13:14 - 2015-05-14 11:00 - 00000000 ____D C:\Windows\Minidump
2016-07-04 13:14 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-04 13:00 - 2014-10-10 07:43 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1802426354-685773147-3862697081-1001
2016-07-03 13:41 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2016-07-03 12:48 - 2015-04-13 04:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-03 12:47 - 2015-04-13 05:29 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2016-07-03 12:35 - 2013-08-22 22:44 - 00483920 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-03 12:34 - 2015-07-31 09:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-03 12:34 - 2015-07-31 09:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-03 12:30 - 2015-04-20 23:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-03 12:30 - 2015-04-20 03:04 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-03 12:30 - 2015-04-20 03:04 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-03 12:30 - 2014-05-24 10:51 - 00000000 ____D C:\Windows\SysWOW64\id-ID
2016-07-03 12:30 - 2014-05-24 10:51 - 00000000 ____D C:\Windows\system32\id-ID
2016-07-03 12:30 - 2014-05-24 10:50 - 00000000 ____D C:\Windows\SysWOW64\vi-VN
2016-07-03 12:30 - 2014-05-24 10:50 - 00000000 ____D C:\Windows\system32\vi-VN
2016-07-03 12:30 - 2014-05-24 10:49 - 00000000 ____D C:\Windows\SysWOW64\hi-IN
2016-07-03 12:30 - 2014-05-24 10:49 - 00000000 ____D C:\Windows\system32\hi-IN
2016-07-03 12:29 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ToastData
2016-07-03 12:28 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2016-07-03 11:35 - 2015-04-17 21:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-03 11:31 - 2015-07-31 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-03 11:21 - 2013-08-22 21:25 - 00000199 _____ C:\Windows\win.ini
2016-07-03 11:16 - 2015-04-16 22:26 - 00000000 ____D C:\Windows\system32\MRT
2016-07-03 11:11 - 2015-04-20 23:08 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-03 11:02 - 2015-05-02 12:55 - 00000825 _____ C:\Users\John\Downloads\what.txt
2016-07-03 10:25 - 2015-04-22 15:54 - 00451584 ___SH C:\Users\John\Downloads\Thumbs.db
2016-07-02 23:11 - 2015-04-15 18:32 - 00000000 ___DC C:\Users\John\AppData\Local\MigWiz
2016-07-02 23:02 - 2015-04-17 16:53 - 00000000 ____D C:\Users\John\AppData\Roaming\DAEMON Tools Lite
2016-07-02 23:01 - 2016-01-22 09:52 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2016-07-02 21:02 - 2014-10-10 07:37 - 00000000 ____D C:\Users\John
2016-07-02 16:28 - 2016-05-16 00:28 - 00000156 _____ C:\Users\John\AppData\Roaming\WB.CFG
2016-07-02 06:37 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2016-07-02 06:36 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-02 06:02 - 2015-06-20 01:05 - 00000000 ____D C:\Users\John\Documents\School
2016-06-30 20:31 - 2015-11-14 14:14 - 00000000 ____D C:\Games
2016-06-30 10:08 - 2016-04-13 19:39 - 00000000 ____D C:\Users\John\Downloads\Ringtone
2016-06-30 10:05 - 2016-04-25 03:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
2016-06-30 10:05 - 2016-04-25 03:12 - 00000063 _____ C:\Windows\SIERRA.INI
2016-06-30 10:05 - 2015-11-29 09:55 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2016-06-30 10:05 - 2014-10-10 09:26 - 00000000 ____D C:\Users\John\AppData\Local\Deployment
2016-06-30 10:05 - 2014-10-10 07:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-30 10:03 - 2015-04-24 15:26 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-06-30 09:59 - 2016-01-31 17:27 - 00000000 ____D C:\Users\John\AppData\Roaming\.minecraft
2016-06-30 09:48 - 2016-01-31 17:10 - 02463506 _____ () C:\Users\John\Downloads\TLauncher-MCL.exe
2016-06-30 00:43 - 2015-07-01 20:25 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-06-19 11:49 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF
2016-06-18 06:07 - 2015-04-13 04:02 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 17:35 - 2015-06-06 17:04 - 00000000 ____D C:\Users\John\Downloads\Invisible
2016-06-17 14:01 - 2014-03-18 17:53 - 00913806 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-16 04:40 - 2015-04-27 12:39 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-15 15:52 - 2015-04-26 00:57 - 00000000 ____D C:\Users\John\Documents\Prototype
2016-06-15 14:51 - 2015-04-24 05:41 - 00000000 ____D C:\Users\John\Documents\My Games
2016-06-04 00:08 - 2016-05-15 23:31 - 00000000 ____D C:\Users\John\AppData\Local\JDownloader v2.0
 
==================== Files in the root of some directories =======
 
2015-04-15 19:57 - 2016-05-27 20:18 - 0045270 _____ () C:\Users\John\AppData\Roaming\room_v3.dat
2016-05-16 00:28 - 2016-07-02 16:28 - 0000156 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2016-07-02 06:17 - 2016-07-02 06:17 - 0007605 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2014-10-10 07:09 - 2014-10-10 07:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-24 10:27 - 2012-09-07 19:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-24 10:27 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-24 10:27 - 2012-09-07 19:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\Windows\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9}.job
 
 
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\avgnt.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\SIntf16.dll
C:\Windows\SysWOW64\SIntf32.dll
C:\Windows\SysWOW64\SIntfNT.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-11 05:44
 
==================== End of FRST.txt ============================


#2 nasdaq
  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 July 2016 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove these programs via the Control Panel > Programs > Programs and Features applet.
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
YTD Video Downloader 5.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.3 - GreenTree Applications SRL) <==== ATTENTION
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1417298729&from=cor&uid=3219913727_198259_081521DB","hxxp://www.luckysearches.com/?type=hp&ts=1429271296&from=2sq&uid=ST1000LM024XHN-M101MBB_S32XJ9AF930157"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\John\AppData\Local\Temp\gkernel.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
U0 msahci; system32\drivers\msahci.sys
Task: {7ACE5B25-4BCD-4CD5-AF69-A36F77DF85E3} - System32\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9} => C:\Users\John\AppData\Local\{2BE41~1\UNINST~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9}.job => C:\Users\John\AppData\Local\{2BE41~1\UNINST~1.EXE <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please let me know what problem persists.
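The FRST file listing in the first post and the fixlist built from it share one fixed line format. As an added example (not Farbar's or the forum's code), here is a parser for that format with the kind of triage checks a malware-response helper applies by hand, run over lines copied from the log above plus one constructed gkernel.sys listing; the check rules and build_fixlist are this example's own assumptions, not FRST's detection logic.

```python
"""Triage helper for Farbar (FRST) file-listing lines (added example).

FRST lists each file as:  <created> - <modified> - <size> <attrs> (<publisher>) <path>
The publisher field is "()" for files without version info and is absent for
data files, directories and .job files; a "D" in the attribute column marks a
directory. The rules below are assumptions about what a helper checks first;
they are heuristics for a human to review, not FRST's own logic.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"   # optional "(Publisher) " field
    r"(?P<path>.+?)\s*$"
)

EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".cmd", ".bat", ".vbs"}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")   # assumed markers
DRIVER_DIR = "\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    publisher: Optional[str]   # None = field absent, "" = empty "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST listing line; None for section headers and other formats."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["publisher"], m["path"])


def flags_for(e: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a look; an empty list means none."""
    if e.is_dir:
        return []
    low = e.path.lower()
    ext = ntpath.splitext(low)[1]        # ntpath handles the backslashes
    if ext not in EXEC_EXTS:
        return []
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    if not e.publisher:                  # absent or "()" means no version info
        reasons.append("no publisher/version information")
    if ext == ".sys" and DRIVER_DIR not in low:
        reasons.append("driver outside the system drivers directory")
    return reasons


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged entry, in log order."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is not None and flags_for(e):
            findings.append((e.path, flags_for(e)))
    return findings


def build_fixlist(paths: List[str]) -> str:
    """Fixlist skeleton in the form used in this thread: a bare path entry
    makes FRST move that file on Fix. Every path must be reviewed first."""
    return "\n".join(["start", "CreateRestorePoint:"] + list(paths) + ["End"])


SAMPLE_LOG = [
    # First five lines copied from the log above; the last is constructed.
    r"2016-07-03 11:09 - 2016-05-19 05:15 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll",
    r"2016-07-03 11:09 - 2016-05-13 01:37 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc63.sys",
    r"2016-07-02 22:47 - 2016-07-02 22:47 - 00000000 ____D C:\Users\John\AppData\LocalLow\Temp",
    r"2016-06-30 09:48 - 2016-01-31 17:10 - 02463506 _____ () C:\Users\John\Downloads\TLauncher-MCL.exe",
    r"2016-07-04 20:28 - 2016-05-15 23:28 - 00000280 _____ C:\Windows\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9}.job",
    r"2016-07-01 09:00 - 2016-07-01 09:00 - 00012345 _____ C:\Users\John\AppData\Local\Temp\gkernel.sys",  # constructed
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
    print(build_fixlist([p for p, _ in triage(SAMPLE_LOG)]))
```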

#3 eClySe
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Not Telling

Posted 04 July 2016 - 10:20 AM

Hello. Thanks for helping and sorry for the multiple posts. I was getting an Error 524 or something like that.

 

Unfortunately, the Scanner still crashes without scanning anything.

 

fixlist.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by John (2016-07-04 22:59:47) Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1417298729&from=cor&uid=3219913727_198259_081521DB","hxxp://www.luckysearches.com/?type=hp&ts=1429271296&from=2sq&uid=ST1000LM024XHN-M101MBB_S32XJ9AF930157"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\John\AppData\Local\Temp\gkernel.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
U0 msahci; system32\drivers\msahci.sys
Task: {7ACE5B25-4BCD-4CD5-AF69-A36F77DF85E3} - System32\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9} => C:\Users\John\AppData\Local\{2BE41~1\UNINST~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9}.job => C:\Users\John\AppData\Local\{2BE41~1\UNINST~1.EXE <==== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe => No running process found
C:\Users\John\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe => No running process found
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
GGSAFERDriver => service removed successfully
gkernel => Unable to stop service.
gkernel => service removed successfully
IntcAzAudAddService => service removed successfully
msahci => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7ACE5B25-4BCD-4CD5-AF69-A36F77DF85E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ACE5B25-4BCD-4CD5-AF69-A36F77DF85E3}" => key removed successfully
C:\Windows\System32\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9}" => key removed successfully
C:\Windows\Tasks\{5D7664AA-C128-C3F0-4DB4-6D70CB005FD9}.job => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5269157 B
Java, Flash, Steam htmlcache => 67831250 B
Windows/system/drivers => 5826546 B
Edge => 0 B
Chrome => 18825894 B
Firefox => 5643694 B
Opera => 12288 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 560 B
LocalService => 16951350 B
NetworkService => 19150 B
John => 216672657 B
 
RecycleBin => 0 B
EmptyTemp: => 329.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:01:17 ====


#4 eClySe
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Not Telling

Posted 04 July 2016 - 11:53 PM

Just an update. I was able to run the Scanner by adding it to the Schedule tab of Avira. After leaving it running for hours, the scanner found TR/Crypt.XPACK.Gen. I wasn't able to get the file name of the infected file since I wasn't monitoring it. Also, I'm not yet sure if this is a false positive or not. Manually asking for a scan still crashes the scanner.


Edited by eClySe, 05 July 2016 - 12:13 AM.


#5 eClySe
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Not Telling

Posted 05 July 2016 - 12:40 AM

I was able to quarantine the infected file. I'm not sure what to do now.



#6 eClySe
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Not Telling

Posted 05 July 2016 - 12:48 AM

By the way, the name of the file was OpenSaveFolder.exe. I never opened it. I actually had no idea it was there.



#7 nasdaq
  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 July 2016 - 09:48 AM


I do not think you need that file.
https://www.virustotal.com/fr/file/97d44449a7b313704106bd5234669eb4cdfabcfc898d051410853c928aaafbec/analysis/

===

The problem with the scanner could be caused by an old driver.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.

http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

Any luck?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:17 PM

Posted 11 July 2016 - 07:46 AM

Are you still with me?

#9 eClySe

eClySe
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Not Telling
  • Local time:06:17 AM

Posted 12 July 2016 - 02:53 AM

Sorry, updating each program took a while, but it's done now. The Scanner still crashes though. I'm starting to think this might not be caused by malware anymore.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:17 PM

Posted 12 July 2016 - 08:15 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries

Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


#11 eClySe

eClySe
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Not Telling
  • Local time:06:17 AM

Posted 12 July 2016 - 08:51 AM

There was no Result.txt made; instead I found this txt file:

 

MTB.txt

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by John (administrator) on 12-07-2016 at 21:45:50
Running from "C:\Users\John\Desktop"
Microsoft Windows 8.1 Single Language  (X64)
Model: X555LN Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
216.98.48.18 127.0.0.1
216.98.48.53 127.0.0.1
216.98.48.57 127.0.0.1
216.98.48.133 127.0.0.1
216.98.48.134 127.0.0.1
========================= IP Configuration: ================================
 
Broadcom 802.11n Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set subinterface interface= subinterface=ethernet_5 mtu=1477
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : eClySe
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 30-10-B3-A9-09-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 32-10-B3-E2-43-B2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
   Physical Address. . . . . . . . . : 30-10-B3-E2-43-B2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a9cf:4160:419:faa3%4(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, July 12, 2016 8:44:27 AM
   Lease Expires . . . . . . . . . . : Wednesday, July 13, 2016 8:52:38 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 70258867
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C8-C9-6B-38-2C-4A-2E-D2-A1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : BN04.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 38-2C-4A-2E-D2-A1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3013:96c9:ce6a:667b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3013:96c9:ce6a:667b%8(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 352321536
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C8-C9-6B-38-2C-4A-2E-D2-A1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{CC242DEB-BBBD-4CDC-8447-FB9D8820C2FC}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  64.233.189.102
 64.233.189.113
 64.233.189.138
 64.233.189.139
 64.233.189.100
 64.233.189.101
 
 
Pinging google.com [64.233.189.102] with 32 bytes of data:
Reply from 64.233.189.102: bytes=32 time=69ms TTL=45
Reply from 64.233.189.102: bytes=32 time=74ms TTL=45
 
Ping statistics for 64.233.189.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 69ms, Maximum = 74ms, Average = 71ms
Server:  UnKnown
Address:  192.168.1.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=225ms TTL=49
Reply from 206.190.36.45: bytes=32 time=202ms TTL=49
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 202ms, Maximum = 225ms, Average = 213ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...30 10 b3 a9 09 35 ......Bluetooth Device (Personal Area Network)
  5...32 10 b3 e2 43 b2 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...30 10 b3 e2 43 b2 ......Broadcom 802.11n Network Adapter
  3...38 2c 4a 2e d2 a1 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.4    281
      192.168.1.4  255.255.255.255         On-link       192.168.1.4    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.4    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  8    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  8    306 2001::/32                On-link
  8    306 2001:0:5ef5:79fb:3013:96c9:ce6a:667b/128
                                    On-link
  4    281 fe80::/64                On-link
  8    306 fe80::/64                On-link
  8    306 fe80::3013:96c9:ce6a:667b/128
                                    On-link
  4    281 fe80::a9cf:4160:419:faa3/128
                                    On-link
  1    306 ff00::/8                 On-link
  8    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/12/2016 09:45:24 PM) (Source: Application Hang) (User: )
Description: The program MiniToolBox.exe version 17.6.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 140
 
Start Time: 01d1dc431bc772d8
 
Termination Time: 4294967295
 
Application Path: C:\Users\John\Desktop\MiniToolBox.exe
 
Report Id: d8c032f1-4836-11e6-82ca-3010b3a90935
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/12/2016 03:51:54 PM) (Source: Application Hang) (User: )
Description: The program avscan.exe version 15.0.17.264 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 253c
 
Start Time: 01d1dc1235dc55ad
 
Termination Time: 1479
 
Application Path: C:\Program Files (x86)\Avira\Antivirus\avscan.exe
 
Report Id: 7d42e02a-4805-11e6-82ca-3010b3a90935
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/12/2016 08:59:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/12/2016 08:59:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/12/2016 08:46:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/12/2016 08:46:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/12/2016 02:36:56 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/11/2016 07:54:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/11/2016 07:54:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/11/2016 05:30:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (07/11/2016 06:23:57 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JPELA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CC242DEB-BBBD-4CDC-8447-FB9D8820C2FC}.
The master browser is stopping or an election is being forced.
 
Error: (07/09/2016 06:10:09 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JPELA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CC242DEB-BBBD-4CDC-8447-FB9D8820C2FC}.
The master browser is stopping or an election is being forced.
 
Error: (07/09/2016 02:27:59 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.4.
The computer with the IP address 192.168.1.6 did not allow the name to be claimed by
this computer.
 
Error: (07/08/2016 02:01:26 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (07/08/2016 02:01:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (07/08/2016 01:59:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect.
 
Error: (07/08/2016 01:58:35 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:38:08 PM on ‎7/‎8/‎2016 was unexpected.
 
Error: (07/07/2016 06:20:45 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
%%1008 = An attempt was made to reference a token that does not exist.
 
 
Error: (07/07/2016 06:18:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Streamer Service service to connect.
 
Error: (07/06/2016 12:17:28 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JPELA
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CC242DEB-BBBD-4CDC-8447-FB9D8820C2FC}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (07/12/2016 09:45:24 PM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe17.6.2016.014001d1dc431bc772d84294967295C:\Users\John\Desktop\MiniToolBox.exed8c032f1-4836-11e6-82ca-3010b3a90935
 
Error: (07/12/2016 03:51:54 PM) (Source: Application Hang)(User: )
Description: avscan.exe15.0.17.264253c01d1dc1235dc55ad1479C:\Program Files (x86)\Avira\Antivirus\avscan.exe7d42e02a-4805-11e6-82ca-3010b3a90935
 
Error: (07/12/2016 08:59:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll
 
Error: (07/12/2016 08:59:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll
 
Error: (07/12/2016 08:46:00 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll
 
Error: (07/12/2016 08:46:00 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll
 
Error: (07/12/2016 02:36:56 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (07/11/2016 07:54:49 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll
 
Error: (07/11/2016 07:54:49 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll
 
Error: (07/11/2016 05:30:13 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll
 
 
**** End of log ****
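The report above is plain text with `==== Section ====` headings, which makes it easy to triage by script rather than by eye. As an added example (not part of the thread and not Farbar's MiniToolBox code), the following parses a report of that shape, lists the Application Hang events per program (on the sample it surfaces the avscan.exe hang that matches the crashing scanner), flags Winsock providers whose vendor string is not Microsoft's, and points out hosts lines whose name column is itself an IPv4 literal, which is the shape of the lines in the log above. The embedded sample is constructed from lines of the same form as that log; the `example_lsp.dll` Winsock line and its "Example Vendor" are invented for illustration.

```python
"""Triage a MiniToolBox (MTB.txt) style report.

Added example, not code from this thread or from Farbar's tool. It splits
the report on its '==== Name ====' headings, then pulls out the facts a
responder looks at first: which programs hung, which Winsock providers
are not Microsoft's, and whether the hosts file holds malformed lines.
"""
import re
from collections import Counter

# Constructed sample: same line shapes as the thread's log; the
# example_lsp.dll line and "Example Vendor" are invented for illustration.
SAMPLE_REPORT = """\
MiniToolBox by Farbar  Version: 17-06-2016
========================= Hosts content: =================================
216.98.48.18 127.0.0.1
216.98.48.53 127.0.0.1
========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\SysWOW64\\napinsp.dll [55296] (Microsoft Corporation)
Catalog9 01 C:\\Windows\\SysWOW64\\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 12 C:\\Windows\\SysWOW64\\example_lsp.dll [12345] (Example Vendor)
========================= Event log errors: ===============================

Application errors:
==================
Error: (07/12/2016 09:45:24 PM) (Source: Application Hang) (User: )
Description: The program MiniToolBox.exe version 17.6.2016.0 stopped interacting with Windows and was closed.

Error: (07/12/2016 03:51:54 PM) (Source: Application Hang) (User: )
Description: The program avscan.exe version 15.0.17.264 stopped interacting with Windows and was closed.

Error: (07/12/2016 08:59:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL".

**** End of log ****
"""

# A heading is a run of '=' around a name that starts with a letter; the bare
# '==================' underlines do not match because no space follows the '='.
SECTION_RE = re.compile(r"^=+\s+([A-Za-z][^=]*?):?\s+=+\s*$")
HANG_RE = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: Application Hang\)")
DESC_RE = re.compile(r"^Description: The program (?P<exe>\S+) version (?P<ver>\S+) ")
WINSOCK_RE = re.compile(
    r"^(x64-)?Catalog\d \d+ (?P<path>.+?) \[\d+\] \((?P<vendor>[^)]*)\)$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def split_sections(text):
    """Map each section name to the list of lines under its heading."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def application_hangs(sections):
    """(when, exe, version) for each 'Application Hang' event, in log order."""
    lines = sections.get("Event log errors", [])
    events = []
    for i, line in enumerate(lines):
        m = HANG_RE.match(line)
        if not m or i + 1 >= len(lines):
            continue
        d = DESC_RE.match(lines[i + 1])  # the description is on the next line
        if d:
            events.append((m.group("when"), d.group("exe"), d.group("ver")))
    return events


def hang_counts(sections):
    """How many times each program hung."""
    return Counter(exe for _, exe, _ in application_hangs(sections))


def non_microsoft_winsock(sections):
    """(path, vendor) for Winsock providers not attributed to Microsoft.
    A third-party LSP/NSP proves nothing by itself, but it is where to
    look first when networking or a scanner misbehaves."""
    found = []
    for line in sections.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m and m.group("vendor") != "Microsoft Corporation":
            found.append((m.group("path"), m.group("vendor")))
    return found


def odd_hosts_entries(sections):
    """Hosts lines whose name column is itself an IPv4 literal. The hosts
    format is 'address name ...', so such a line maps no host name."""
    odd = []
    for line in sections.get("Hosts content", []):
        parts = line.split()
        if len(parts) >= 2 and not line.startswith("#") and IPV4_RE.match(parts[1]):
            odd.append(line.strip())
    return odd


def triage(text):
    """Run all three checks over one report and return the findings."""
    sections = split_sections(text)
    return {"hangs": hang_counts(sections),
            "winsock": non_microsoft_winsock(sections),
            "odd_hosts": odd_hosts_entries(sections)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, value)
```

To run it over a real report, read MTB.txt into a string and pass it to `triage()`; a program that shows up repeatedly under `hangs` is the one to reinstall or investigate, which is the conclusion this thread reached for avscan.exe.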


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:17 PM

Posted 13 July 2016 - 11:54 AM

I suggest you reinstall Avira.

Keep me posted.

#13 eClySe

eClySe
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Not Telling
  • Local time:06:17 AM

Posted 18 July 2016 - 12:12 PM

It's working now. Is there anything else I need to do?

 

Thanks for all the help.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:17 PM

Posted 19 July 2016 - 07:08 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:17 PM

Posted 25 July 2016 - 07:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



